package com.wp.rcm.config.shiro;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import lombok.Value;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig{

//    @Value("${spring.redis.host}")
//    private String host; //redis主机
//    @Value("${spring.redis.port}")
//    private int port;    //redis端口
//    @Value("${spring.redis.database}")
//    private int database;//redis数据库

    @Bean
    public MyShiroRealm myShiroRealm(){
        return  new MyShiroRealm();
    }

    //thymeleaf 页面上使用 shiro 标签
    @Bean(name = "shiroDialect")
    public ShiroDialect shiroDialect() {
        return new ShiroDialect();
    }

    @Bean
    public SecurityManager securityManager(){ //注意package
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // 创建 注入的realm（安全数据源）
        securityManager.setRealm(myShiroRealm());
        return  securityManager;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBeann = new ShiroFilterFactoryBean();
        shiroFilterFactoryBeann.setLoginUrl("/toLogin");
        //4、将SecurityManager添加到安全对象中
        shiroFilterFactoryBeann.setSecurityManager(securityManager);


        Map<String, String> chainMap = new LinkedHashMap<String, String>();//必须使用 LinkedHashMap(有序集合)
        //1、添加白名单==》不需要权限管理的请求==》资源文件==>static中有多少个文件夹，就配置多少
        chainMap.put("/css/**", "anon");
        chainMap.put("/iamge/**", "anon");
        chainMap.put("/js/**", "anon");
        chainMap.put("/jslocal/**", "anon");
        chainMap.put("/doLogin", "anon"); // 登入提交请求
        chainMap.put("/logout", "anon"); //  退出请求

        //2、添加特定权限可访问的资源==>controller中的所有请求【登入和退出除外】
        chainMap.put("/chance/list","perms[销售机会列表]");
        chainMap.put("/chance/toadd","perms[销售机会新增页面]");
        chainMap.put("/chance/add","perms[销售机会新增]");
        chainMap.put("/chance/toedit","perms[销售机会编辑页面]");
        chainMap.put("/chance/edit","perms[销售机会新编辑]");
        chainMap.put("/chance/del","perms[销售机会删除]");

        chainMap.put("/plant/list","perms[计划列表]");
        chainMap.put("/plant/toadd","perms[计划新增页面]");
        chainMap.put("/plant/add","perms[计划新增]");
        chainMap.put("/plant/toedit","perms[计划编辑页面]");
        chainMap.put("/plant/edit","perms[计划编辑]");
        chainMap.put("/plant/del","perms[计划删除]");



        //其他未知请求，必须认证通过才能进入
        chainMap.put("/**", "authc");

        shiroFilterFactoryBeann.setFilterChainDefinitionMap(chainMap);
        return shiroFilterFactoryBeann;
    }
}

